More than 43,000 sign petition against U.S. encryption-breaking bill

More than 43,000 people have signed a petition against proposed U.S. legislation that would require tech companies to break into their users' encrypted data when ordered to by a judge.

The proposal, from Senators Richard Burr and Dianne Feinstein, would require smartphone OS developers and other tech vendors to assist law enforcement agencies by breaking their own security measures.

CREDO Action, a progressive activist group, launched a petition opposing the Compliance with Court Orders Act on Tuesday, and more than 43,000 people had signed it by early Thursday afternoon.

The draft legislation would "undermine Americans’ privacy, make encryption illegal and force companies to weaken the security of their products and services," CREDO Action's website says. "We need to make sure this dangerous legislation doesn’t gain any traction in Congress."

Burr, a North Carolina Republican, and Feinstein, a California Democrat, officially released the proposal Wednesday after it was leaked last week. The two senior members of the Senate Intelligence Committee have worked on the proposal as the FBI and Apple have sparred in court over the company's refusal to help unlock a terrorism suspect's iPhone.

Several digital rights groups also have criticized the proposal.

The draft bill "instructs every tech vendor in America to use either backdoored encryption or no encryption at all, even though practically every security expert in the country would tell you that means laying down our arms in the constant fight to secure our data against thieves, hackers, and spies," wrote Kevin Bankston, director of the New America Foundation's Open Technology Institute, in a blog post.

Several former intelligence officials have called for the U.S. government to support strong encryption, Bankston noted. "The fact that this lose-lose proposal is coming from the leaders of our Senate’s intelligence committee ... would be embarrassing if it weren’t so frightening," he added.

The draft proposal is meant to start a "meaningful" discussion about the role of encryption and law enforcement access to criminal suspects' devices, Burr said in a statement.

"I have long believed that data is too insecure, and feel strongly that consumers have a right to seek solutions that protect their information – which involves strong encryption," Burr added. "I do not believe, however, that those solutions should be above the law."

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.